Assurance

SBR Assurance

In January 2018 the Netherlands started an additional eXtensible Business Reporting Language (XBRL) mandate under the banner of Standard Business Reporting (SBR). The new mandate requires medium-sized enterprises to file their annual reports in the XBRL format, and accountants to provide an electronically signed auditor’s opinion. This standard, SBR Assurance, ensures that the information in the XBRL report cannot be falsified. The XBRL annual report will be the only version of the annual report; no paper or pdf version can be filed with the business register (Kamer van Koophandel); the auditor opinion must be filed in XBRL as well.

The Institute of Chartered Accountants (NBA) published an XBRL taxonomy which defines the content of the auditor’s opinion in XBRL format. An auditor’s opinion XBRL instance document can easily be generated by accountants, and can be visualized.

The Dutch Central Bank (DNB) started a pilot with digital signing of on regulatory reports, using the same technology.

Technical background

The SBR initiative created the SBR Assurance specification, which uses open standards (e.g. X.509, XML Detached Signature with XAdES) for linking and signing of the XBRL statutory report and the XBRL auditor’s opinion. The auditor signs off with the electronic certificate (provided by the Institute of Chartered Accountants and approved by the Netherlands’ trusted root certificate). The resulting three files (XBRL report, XBRL auditor’s opinion and XML detached signature) are then filed with the business register.

SBR Assurance is very similar to the European eSignature; full compatibility is currently being investigated.

OpenSBR Assurance open source software

OpenSBR created an open source library (.NET; MIT license) and a proof of concept desktop tool, demonstrating how to sign off on an XBRL annual report and XBRL auditor opinion. The tool also allows for verification of signatures and non-repudiation.

The tool is successfully used by many audit firms in the Netherlands (small to large) to comply with the Dutch mandate. The library is used by several software companies in their commercial software, and as a reference by others when writing in other programming languages.